Tuesday, December 9, 2008

Botnets : Electronic Weapons of Mass Destruction

Slashdot is reporting on a paper in the magazine Policy Review titled "The botnet peril", written by the former Permanent Undersecretary of Defense for Estonia.

In the article, the authors say botnets should be designated as "eWMDs" (electronic weapons of mass destruction). I personally couldn't agree more. With modern advances in decentralized command-and-control systems, combined with how simple it is to find vulnerable desktops, assembling a botnet of several thousand zombie PCs is a matter of sniffing your local ISP's network. (I actually wrote an article for Wired earlier this year on how to build your own botnet, but it was declined, for reasons unknown.)

The article raises some great points, including framing cyber warfare as asymmetric warfare: more is at risk for us than for most of our potential adversaries (criminals, terrorists or rogue governments). Another asymmetric aspect is that the victims of cyber warfare may never be able to determine the identity of their actual attacker. Thus, America cannot meet this threat by relying solely upon a strategy of retaliation, or even upon offensive operations in general. (How do you attack a decentralized, multi-nation organism? Think of a digital Al-Qaeda.)

I also found this bit interesting: "The U.S. government has a similar duty, but on a larger scale. Because botnets represent such a real threat to our domestic cyberspace and all the assets that those Internet-accessible computers control, it is a vital national interest to secure the domestic Internet." (Basically, the weakest link in almost all critical infrastructure is now IT connectivity. Those who control the network control the world.)

They give pretty good detail on the Russian botnet attack on Estonia last year. Interestingly, a similar two-phased tactic was used against Georgia this summer. The initial, so-called hacktivist phase apparently served as PR cover, or as a diversion, for the later botnet phase. It took the international media some time to realize that the real attack was the ensuing, far more sophisticated, organized and damaging botnet phase, which took down critical pieces of the government's ability to communicate (email, phones, etc.).

As many readers of my blog are keenly aware, the only real way to deal with this sort of cyberwarfare is to create a proactive botnet defence system, one capable of adapting to prolonged digital bombardment. The next major opportunity for governments and global enterprises will be the implementation of custom "enterprise botnets". This is not me going out and prognosticating; this is happening today.

